Technical Documentation – CISCO COMMANDS

 

TITLE – CISCO TIPS

VERSION – 1.1

AUTHOR – Alvin Artis

CREATION DATE – Dec. 2002

UPDATED BY – 

 

 

CONTENTS

 

ROUTER CONFIG

General Tips

Ctrl+C => Cancels Command

Terminal Monitor => Displays Logging Info

Saving changes

Loading configs/ images from a TFTP Server

Changing Passwords Routers

Adding Security Banners

Adding a Host Name on a router

Configuring Interfaces

OSPF Routing Configuration

HSRP config

IP Encryption Between Links

Configuring ISDN Dialup Interfaces??

Routing on a Stick - Configuring Trunk Ports on the Router???

MSM Config

General

Configuring Virtual Routing

Switch Configuration

To set a port to Trunk for Router on a Stick

 

 



ROUTER CONFIG

General Tips

Ctrl+C => Cancels Command

Terminal Monitor => Displays Logging Info

 

Saving changes

Write or copy run start # saves to memory on router

Copy run tftp # copies to tftp server

 

Loading configs/ images from a  TFTP Server

Copy tftp flash

   

Changing Passwords Routers

Conf t

Enable secret xxxxxxx

No enable password

 

Sh run

Go to the end of the output:

Con=console

Aux=Modem

Vty=Telnet

 

Conf t

Line 0 6

Password xxxxxxx

 

Adding Security Banners

Conf t

banner motd # Logon using a valid account and password.

Authorized Users Only.#

Adding a Host Name on a router

Conf t

Ip host [host name] [ip]

 

#Added All Routers/ Switches

ip host VpnSrv 192.168.77.254

 

 

Configuring Interfaces

conf t

int [type] [slot number]

e.g. int ethernet 3/1

ip address 192.168.150.254 255.255.255.0

no shutdown

 

sh run

sh interface [x]

sh ip int brief

 

OSPF Routing Configuration

Conf t

Router ospf 100 # arbitrary number

network 192.168.0.0 0.0.255.255 area 0 # area 0 is the default/ master area for OSPF

 

Setting up other areas ??

 

sh ip route

HSRP config

#You need to do this on both interfaces on the 2 x routers

 

standby 100 priority 100 # highest number between 2xinterfaces takes priority

 standby 100 preempt # automatically take over

 standby 100 ip 192.168.150.254 # HSRP virtual address

 standby 100 track Serial0/0 10 # 10 = the amount decremented from the priority when Serial0/0 goes down. If the other router takes over and this interface comes back with the higher priority, it takes priority back from the other router's interface.

Sh standby

 

IP Encryption Between Links

 

#This should be configured on both routers using the encryption.

 

crypto isakmp policy 20

 authentication pre-share

crypto isakmp key 12345678900987654321alvinalvinalvin12345678900987654321 address 192.168.255.2

 

crypto ipsec transform-set Mindofal ah-md5-hmac esp-des

 

 crypto map to-USNYOrtr01 local-address Loopback0

 crypto map to-USNYOrtr01 10 ipsec-isakmp

 set peer 192.168.255.2

 set transform-set Mindofal

 match address 110

 

#Set Loopback address for Encryption

interface loopback 0

 desc ***** Loopback Interface For IPSec *****

 ip address 192.168.255.1 255.255.255.255

 no shut

 

#Set the Access List <- New access list for each link for encryption e.g. 110-US 111-BCO

 

access-list 110 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 #  Allows all 192.168 traffic over the link. This is referenced in the Crypto map section.

 

sh access-list

Extended IP access list 110

    deny ip 192.168.255.0 0.0.0.255 any (2522539 matches)

    deny ip 192.168.143.0 0.0.0.255 any (35 matches)

    permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 (4473128 matches)

Extended IP access list 111

    deny ip 192.168.255.0 0.0.0.255 any (46196 matches)

    deny ip 192.168.143.0 0.0.0.255 any

    permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255 (111817 matches)

 

#Add Encryption to the interface you want to encrypt.

interface Serial4/0

crypto map to-USNYOrtr01 #The actual thing that starts the encryption off is the crypto map applied to the serial interface; add this last.

 

ip classless #IP addresses over the links don't worry about the subnet class.

 

sh crypto ipsec sa

sh crypto map

 

Configuring ISDN Dialup Interfaces??

 

 

dialer-list 1 protocol ip list 110 #Access List for Dialup

 

username USNYOrtr02 password 7 5668464644126464646 #Username and password for access to this router from the corresponding router. The password is common between routers.

 

description ***** Dial-on-Demand Circuit to USNYOrtr02 - This is Shutdown until emergency and needs a no shut command *****

isdn switch-type basic-net3

ip address 192.168.143.21 255.255.254.0

encapsulation ppp

ppp authentication chap

dialer-group 1 #Number of the group the interface belongs to (1-10). Must be same as the dialer-list number.

Dialer map ip 192.168.143.22 name USNYOrtr02 broadcast 0012129823796

Dialer load-threshold 200 either #1-255 = load before second isdn number is called. 255=100%

Dialer idle-timeout 120 #Measured in seconds

ip ospf demand-circuit #??

No shutdown

 

Sh dialer # Status of Link , amount of time up etc

Sh isdn active # displays status while call in progress

Sh isdn status

 

Username same at both ends??

Also how do you initiate second call?? 

 

debug dialer

terminal monitor

 

Routing on a Stick - Configuring Trunk Ports on the Router???

 

interface FastEthernet0/0.1

 encapsulation isl 1

 ip address 192.168.255.130 255.255.255.240

 no ip redirects

 no ip directed-broadcast

!

interface FastEthernet0/0.1

 encapsulation isl 1

 ip address 192.168.255.129 255.255.255.240

 no ip redirects

 no ip directed-broadcast

!

interface FastEthernet0/0.2

 encapsulation isl 2

 ip address 192.168.49.253 255.255.254.0

 no ip redirects

 no ip directed-broadcast

 standby 2 priority 100 preempt

 standby 2 ip 192.168.49.254

 standby 2 track Hssi3/0

!

interface FastEthernet0/0.3

 no ip directed-broadcast

!

interface FastEthernet0/0.4

 encapsulation isl 4

 ip address 192.168.101.253 255.255.255.0

 no ip redirects

 no ip directed-broadcast

 standby 4 priority 95 preempt

 standby 4 ip 192.168.101.254

 standby 4 track Hssi3/0

 

 

 

 

 

 

 

 

MSM Config

 

General

 

service timestamps debug datetime # Add time and date stamp to logs

service timestamps log datetime # Add time and date stamp to logs

 

ip subnet-zero # Allows the use of the subnet address and does not just reserve it for the host network.

no ip domain-lookup # Stops arbitrary names or typos being looked up over DNS.

 

 

Configuring Virtual Routing

 

N.B. the physical ports used for routing are specified in the switch config. This is done anywhere a port is assigned to that particular VLAN.

 

interface Port-channel1

 no ip address

 no ip directed-broadcast

 hold-queue 300 in

 

VLAN 1 Routing WAN Router Up Links

interface Port-channel1.1 # Port-channel1 = The channel group the msm uses. See channel groups below.

 description **** Management VLAN / Link To WAN Routers ****

 encapsulation isl 1 # ISL = Cisco protocol. 1 = VLAN number.

 ip address 192.168.255.147 255.255.255.240

 no ip redirects

 no ip directed-broadcast

 

VLAN 2 MSM/ Switch Backplane routing. Max>4GB.

interface Port-channel1.2

 description **** Office VLAN ****

 encapsulation isl 2

 ip address 192.168.1.253 255.255.254.0

 no ip redirects

 no ip directed-broadcast

 standby 100 priority 150

 standby 100 preempt

 standby 100 ip 192.168.1.254

 

interface Port-channel1.3

etc

 

interface Port-channel1.4

etc

 

All GB interfaces on the router in this case are using the same channel group so the max 4GB bandwidth is shared. These could be separated at a later date.

 

interface GigabitEthernet0/0/0

 no ip address

 no ip directed-broadcast # Stops directed broadcasts, e.g. to 192.168.143.0. This addresses a whole subnet, and it is a security risk to allow you to ping it.

 no negotiation auto

 channel-group 1 # this sets the channel group referenced earlier to use that particular interface.

!

interface GigabitEthernet1/0/0

 no ip address

 no ip directed-broadcast

 no negotiation auto

 channel-group 1 # this sets the channel group referenced earlier to use that particular interface.

 

interface GigabitEthernet3/0/0

 no ip address

 no ip directed-broadcast

 no negotiation auto

 channel-group 1 # this sets the channel group referenced earlier to use that particular interface.

 

interface GigabitEthernet4/0/0

 no ip address

 no ip directed-broadcast

 no negotiation auto

 channel-group 1 # this sets the channel group referenced earlier to use that particular interface.

 

router ospf 100

 redistribute static subnets # This will redistribute static routes to the

 passive-interface Port-channel1.2 # Doesn't forward on OSPF Link State Advertisements (LSAs) to the other routers in separate networks. The WAN routers are configured to forward LSAs but this is normally disabled on MSMs to reduce processing overhead.

 passive-interface Port-channel1.4

 passive-interface Port-channel1.5

 passive-interface Port-channel1.6

 passive-interface Port-channel1.7

 passive-interface Port-channel1.8

 passive-interface Port-channel1.9

 passive-interface Port-channel1.10

 passive-interface Port-channel1.11

 passive-interface Port-channel1.12

 passive-interface Port-channel1.13

 passive-interface Port-channel1.14

 passive-interface Port-channel1.15

 network 192.168.0.0 0.0.255.255 area 0 # Sets up the default OSPF area 0.

 

ip classless # Ignores subnets requiring correct masks, i.e. allows supernetting and subnetting

ip route 195.134.4.0 255.255.255.0 192.168.1.245 # Static route for the firewall

 

SNMP Settings

snmp-server community public RO

snmp-server community private RW

snmp-server location cls 7th floor

snmp-server chassis-id clsmsm7

snmp-server host 192.168.200.3 traps public

 

banner motd ^C 7th Floor Switch MSM ^C

 

Console Settings

line con 0

 password 7 13061600580A1126273D

 transport input none

line aux 0

 password 7 110A181744141E000833

line vty 0 4

 password 7 094F4F1B4A03021E0715

 no login
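
A review pass over settings like those in the IP Encryption, SNMP Settings and Console Settings sections above, as an added example that is not part of the original document: a small Python check that flags DES/MD5 IPsec transforms, the default `public`/`private` SNMP communities, reversible type 7 passwords and `no login` on vty lines. The rule set, the `audit` function and the sample config (with placeholder secrets) are assumptions made for illustration.

```python
import re

# Constructed sample in the style of this page's router/MSM config.
# Secret, password and community values are placeholders, not real values.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER
crypto isakmp policy 20
 authentication pre-share
crypto ipsec transform-set EXAMPLE-SET ah-md5-hmac esp-des
snmp-server community public RO
snmp-server community private RW
snmp-server community ExampleRoString RO
line con 0
 password 7 0000PLACEHOLDER
 transport input none
line vty 0 4
 password 7 0000PLACEHOLDER
 no login
"""

# (rule id, pattern for one command, required parent block or None)
RULES = [
    # Single DES and MD5-based transforms are obsolete.
    ("weak-ipsec-transform",
     r"crypto ipsec transform-set \S+ .*\b(esp-des|\S+-md5-hmac)\b", None),
    # "public" / "private" are the well-known default community strings.
    ("default-snmp-community", r"snmp-server community (public|private)\b", None),
    # "enable password" is stored in clear text or type 7; use "enable secret".
    ("plaintext-enable-password", r"enable password\b", None),
    # Type 7 is reversible obfuscation, not a hash.
    ("type7-password", r"(username \S+ )?password 7 \S+", None),
    # "no login" on a vty line disables the password check for remote sessions.
    ("vty-no-login", r"no login$", r"line vty\b"),
]


def audit(config_text):
    """Return a list of (line_number, rule_id, command) findings."""
    findings = []
    context = ""  # most recent unindented command, e.g. "line vty 0 4"
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        command = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop page-style "# note"
        if not command.strip() or command.strip() == "!":
            continue
        indented = command[0].isspace()
        command = command.strip()
        if not indented:
            context = command
        for rule_id, pattern, parent in RULES:
            if parent and not (indented and re.match(parent, context, re.I)):
                continue
            if re.match(pattern, command, re.I):
                findings.append((lineno, rule_id, command))
    return findings


if __name__ == "__main__":
    for lineno, rule_id, command in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule_id}: {command}")
```

The vty rule depends on sub-commands being indented under their `line` header, as in `sh run` output.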

 

Switch Configuration

Ctrl+C => Cancels a Command

 

Set banner motd etc…

!

#system

set system baud  9600

set system modem disable

set system name  clssw7

set system location cls 7th floor

set system contact

!

#power

set power redundancy enable

!

#frame distribution method

set port channel all distribution mac both

!

#snmp

set snmp community read-only      readcls1

set snmp community read-write     writecls1

set snmp community read-write-all allcls1

set snmp rmon enable

set snmp trap enable  module

set snmp trap enable  chassis

set snmp trap enable  repeater

set snmp trap enable  vtp

set snmp trap enable  auth

set snmp trap enable  ippermit

set snmp trap enable  vmps

set snmp trap enable  entity

set snmp trap enable  config

set snmp trap enable  syslog

set snmp trap enable  stpx

set snmp trap 192.168.200.3   public

set snmp trap 192.168.1.101   snmpprv1

set snmp trap 192.168.1.102   snmpprv1

 

#vtp

set vtp domain Mindofal # All domain names need to be the same

set vtp mode server # One server in a domain is the server controlling the trunking etc. The others, e.g. the 10th floor switch, are clients

 

Command to set VLAN's = Set vlan [number] name [vlan name]

 

set vlan 1 name default type ethernet mtu 1500 said 100001 state active # mtu = maximum transmission unit.

set vlan 2 name Office-VLAN type ethernet mtu 1500 said 100002 state active

set vlan 3 name Application-VLAN type ethernet mtu 1500 said 100003 state active

 

#ip of the switch Itself = Management Address

set interface sc0 1 192.168.255.149/255.255.255.240 192.168.255.159

 

set interface sc0 up

set interface sl0 0.0.0.0 0.0.0.0

set interface sl0 up

set arp agingtime 1200

set ip redirect   enable

set ip unreachable   enable

set ip fragmentation enable

set ip route 0.0.0.0/0.0.0.0 192.168.255.147 1 # Default route for the management ip

set ip alias default         0.0.0.0

 

#spantree

 

set spantree root [secondary] # root = Primary or secondary. For our switches we have made the switches load balance.

 

#uplinkfast groups

set spantree uplinkfast disable

 

#backbonefast

set spantree backbonefast disable

 

 

#ntp Network time Protocol

set ntp broadcastclient disable

set ntp broadcastdelay 3000

set ntp client disable

clear timezone

set summertime disable

 

#set boot command

set boot config-register 0x102 # 102 = Flash

set boot system flash bootflash:cat6000-sup_5-3-5a-CSX

set boot system flash bootflash:cat6000-sup.5-2-1-CSX.bin

set boot system flash bootflash:cat6000-sup.5-1-1-CSX.bin

 

#CDP # Cisco Discovery Protocol

set cdp interval 60

set cdp holdtime 180

set cdp enable

 

 

 

 

#module 1 : 2-port 1000BaseX Supervisor - Mostly defaults

set module name    1

set vlan 1    1/1-2

set port enable     1/1-2

set port trap       1/1-2  enable

set port name       1/1-2

set port security   1/1-2  disable

set port broadcast  1/1-2  100%

set port membership 1/1-2  static

set port protocol 1/1-2 ip on

set port protocol 1/1-2 ipx auto

set port protocol 1/1-2 group auto

set port negotiation 1/1-2 enable

set port flowcontrol    1/1-2 send desired

set port flowcontrol    1/1-2 receive off

set cdp enable   1/1-2

set udld enable 1/1-2

set trunk 1/1  on isl 1-1005 # Fibre uplinks 7/10 Floor

set trunk 1/2  on isl 1-1005 # Fibre uplinks 7/10 Floor

set spantree portfast    1/1-2 disable # Disables spanning tree as we are using both the links bundled together to give us 2GB.

set spantree portcost    1/1-2  4

set spantree portpri     1/1-2  32

set spantree portvlanpri 1/1  0

set spantree portvlanpri 1/2  0

set spantree portvlancost 1/1  cost 3

set spantree portvlancost 1/2  cost 3

set port qos 1/1-2 cos 0

set port qos 1/1-2 trust untrusted

set port gvrp     1/1-2  disable

set gvrp registration normal   1/1-2

set gvrp applicant normal   1/1-2

set port gmrp   1/1-2  enable

set gmrp registration normal    1/1-2

set gmrp fwdall disable    1/1-2

set port channel 1/1-2 mode on # Sets the ports channel to bundle both together

set port jumbo 1/1 disable

set port jumbo 1/2 disable

!

#module 2 : 2-port 1000BaseX Supervisor Spare supervisor Card. Mostly Defaults

set module name    2

set vlan 1    2/1-2

etc

 

#module 3 : 48-port 10/100BaseTX (RJ-45)

set vlan 1    3/1

set vlan 2    3/2-34

set vlan 4    3/45-48

set port enable     3/1-48

set port speed      3/1-48  auto

set port trap       3/1-48  enable

set port name       3/1  GBHXOrtr01 # Only set in this case for the WAN router

set port name       3/2-48

set port security   3/1-48  disable # Allow or block MAC addresses

set port broadcast  3/1-48  100%

set port membership 3/1-48  static

set port protocol 3/1-48 ip on

set port protocol 3/1-48 ipx auto # defaults

set port protocol 3/1-48 group auto # defaults

set port flowcontrol    3/1-48 send off # defaults

set port flowcontrol    3/1-48 receive off # defaults

set cdp enable   3/1-48 # defaults

set udld disable 3/1-48 # defaults

set trunk 3/1-48 off negotiate 1-1005 # will negotiate automatically; this is normally set for all ports

set spantree portfast    3/1-48 enable # Forwards traffic straight away and does not wait for the 15 seconds for spanning tree (Bridge Protocol Data Units, BPDUs, every 2 seconds)

set spantree portcost    3/1,3/3,3/5,3/7-11,3/13-14,3/16,3/18-23,3/26,3/31-34  1 # defaults

set spantree portcost    3/2,3/4,3/6,3/12,3/15,3/17,3/24-25,3/27-30,3/35-48  100 # defaults

set spantree portpri     3/1-48  32 # defaults

set spantree portvlanpri 3/1  0 # defaults

set spantree portvlanpri 3/2  0 # defaults

set port qos 3/1-48 cos 0 # defaults

set port qos 3/1-48 trust untrusted # defaults

set port gvrp     3/1-48  disable # defaults

set gvrp registration normal   3/1-48 # defaults

set gvrp applicant normal   3/1-48 # defaults

set port gmrp   3/1-48  enable # defaults

set gmrp registration normal    3/1-48 # defaults

set gmrp fwdall disable    3/1-48 # defaults

set port channel 3/1-48 mode off # defaults

 

#switch port analyzer # span ports to monitor traffic on ports.

 

#cam mac lookup table layer 2 routing stuff

set cam agingtime 1-16,1003,1005 300 # defaults

sh cam dynamic # shows contents of cam table/ ages of MAC addresses

 

#qos mac-cos Quality Of Service. Guarantee certain bandwidth for certain devices

 

 

RMON

Sh top # Which MAC addresses are using the most bandwidth on the LAN.

 

 

To set a port to Trunk for Router on a Stick

 

set trunk 3/1  on isl 1-1005 # Where 1-1005 = the number of VLAN's that can trunk on that specific port

 

END     

 
